21:41: For employers

Deliver on promises and overcome expectations will achieve any business unit after joining me to the team. We will get alignment of the company’s processes and controls with external regulation requirements, adequate risk recognition and reduction, guarantee continuity of critical processes. Efficient security model will be integrated in project life cycle and operational activities. Utilizing available resources of organizational units, basing on strongest personnel skills and taking patiently stakeholders' opinions my department will increase the performance of the business.

16:03: I'm looking for the job
ING Retail startup in Ukraine is a great event in banking history of Ukraine. So much power, engagement, inspiration has shown perhaps no one banking team. Now it is said to understand that jump acceleration were not enough to overcome the crunch downfall. Customer service will continue till the end of may. Still we're delivering on promises and keeping on the highest rate of ING brand. We have come with head above and go away with confident walk. Closing the bank is might be even more difficult proof for the team. However, in more harder test we dive - in more strongest way we come up. Sure we  were a perfect example of how bank should enter greenfield market, obviously we will show how to get out of the business keeping clients satisfied and calm.
All my experience, all my skills harden during startup and closing ready to deliver value for potential employer.
Waiting for your proposals. Hope we will get in touch through available contacts:
  +38050 311 61 72
 gpaharenko at gmail.com

Complete CV available here:
  http://docs.google.com/Doc?id=dhdxn2g6_3g5bxk5


Tags: ing, job

10:37: Pen test methodology
Here is what I require from pen-test providers in Ukraine:
  http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Tags: pen-test

10:25: More about N-tired protection
How hackers work to infect your PC? Let's cover a bit a common way:

JavaScript which sends browser to exploit -> Exploit which downloads loader -> loader downloads main body.

I will show you the details:
( Read more ... )


Tags: antivirus, cisco, ips

20:32: I work for ING Bank Ukraine as IT Security Architect
Responsible for the security of IT across all platforms and applications, voice and data across all facets of ING Bank Ukraine’s banking operations. Have wide skills in IT security, system administration, programming, audit, incident response handling.

Complete CV available here:
  http://docs.google.com/Doc?id=dhdxn2g6_3g5bxk5

00:28: Cisco IPS manager after not clean shutdown
After unclean shutdown my IPS manager express stopped to query events from the sensor. It just show "No events...". However I've successfully fixed it!  IME uses mysql inside. The problem was in the corrupted table, which I have to repair.
( Read more ... )



Tags: cisco, ips

18:18: What antivirues are good
Recently I've caught a best in a wild. Only 10/36 (27.78%) determined that this was a trojan. Take it into an account when selecting antivirus.
 
( Read more ... )

18:00: Add/remove windows components from cmd
Some times you can meet that Add/Remove windows components tab is disabled in Add/Remove programms applet. Invoke

%windir%\system32\sysocmgr.exe /i:%windir%\inf\sysoc.inf

and vualia - you're managing the components in separate window.

00:00: MARS backup
I've successfully setupped mars backups to NFS on Windows using MS SFU.
Hit some problems due turned off v3 NFS and tcp support. Also I had to reboot MARS appliance. Keep v3 support enabled!

Tags: cisco, mars

23:42: IPS manager integrates with wireshark
I'll will put some opinions about cisco IPS. I've been working with it both in ASA AIP-SSP and IDSM forms, no much difference.
( Read more... )

Tags: cisco, ips

21:55: Make vpn setupping easy!
Very helpful script :-) Other VPN party should run it to test, instead of manually invoking by hand

:Start

telnet www.com.ua 80

GOTO Start

23:08: self signed certificate under windows after 5 minutes
Recently I had to create a self-signed certificate very quickly under windows!. This was achieved for 5 minutes. Are you faster?
( Read more ... )

22:40: Does nmap sucks UDP?
Continuing my previous post about nmap, I need to tell that nmap lucks good support for UDP. Most UDP services will do not respond to malformed or 0-length udp packets. Here is helps unicornscan which has good database of payloads. Sorrely it does not contain all TOP 10 upd ports from nmap's author "Scanning Internet", but anyway helps us. Alternatively you can utilize different utilites: ike-scan, nbtscan.

unicornscan -r5 -mU -I network/24:53,123,137,500

will find much more than

nmap -sU -p 53,123,137,500

It is possible to do use your own nmap-service-probes file as well, and write your own probe packets. (Use the --datadir option.) But I have not checked it yet. Default database of nmap probes lacks isakmp. Though it successfully finds DNS:

  nmap  -p 53 host.ua  -P0 -sUV

PORT   STATE SERVICE VERSION
53/udp open  domain  ISC Bind 9.X


Using amap was unsuccessful to identify ISAKMP, DNS - success.
 amap -u host.ua 53

root@localhost:~/soft/framework-3.1# amap -u  matrix.ua 53
amap v5.2 (www.thc.org/thc-amap) started at 2008-09-07 12:40:03 - MAPPING mode

Protocol on xxxxx:53/udp matches dns-djb
Protocol on xxxx:53/udp matches dns
Protocol on xxxx:53/udp matches dns-ms
Protocol on xxxx:53/udp matches dns-bind9

Unidentified ports: none.

amap v5.2 finished at 2008-xxx 12:40
Using metasploit  scanner/discovery/sweep_udp was unsuccessfull to identify ISAKMP, DNS- success.

./msfconsole
use scanner/discovery/sweep_udp
set RHOSTS net/24
run
[*] Discovered DNS on ::ffffxxxxx.xxxx.xxxx (000000000100c00c00020003000000000002c00c)
[*] Auxiliary module execution completed

19:21: What hosts others see in your AS?
What hosts hackers can discover on your corporate network? Are you sure that your firewall rules applied
correctly. I'm not. We need to check them when we have limited time, what nmap options to use? "-sS -p 1-65535 -P0" most probably will perform good precision scan, but have we time for it? As alternative we can speedup the scan:

nmap -iL targets -oN output_data -v -n -sP -PE -PP -PS21,22,23,25,53,80,88,143,443,445,1433,1521,3389,8080 -PA80,443 --source-port 53


The ports takein from TOP10 dschield ports and from my own mind. The limitations - is that we scan only TCP ports and do not perform UDP service discovery.

21:00: OpenSSL & latest Windows
To run OpenSSL binaries on latest Windows (Vista, XP, 2003), do not forget to install visual studio 2008 redistributable, otherwise binaries won't start and in event log you'll find complains regarding absence of VC90.CRT:

11:11: Backup continued... RedHat

This is a brief steps of how to restore RedHat OS from veritas netbackup:



Tags: redhat

12:04: SAP security testing
Perhaps there is a lot to do on SAP security, however one of the basic steps is to check if default passwords has been changed on sap instances. Usually it is:

TMSADM:
SAP*:06071992
SAPCPIC:ADMIN
DDIC:19920706
EARLYWATCH:SUPPORT
SAPR3:SAP

For this task you can use my simple framework based on SAP java connector. See:
  http://gpaharenko.googlecode.com/files/sap.tar.bz2

Tags: sap

16:29: Solaris recovery from Veritas NetBackup
Though this is not security question, it is some how related to DRP :)

A small how-to on recovering a Solaris 10 box using vertias NetBackup. It is never worth to read:
  http://www.sun.com/bigadmin/content/submitted/restore_netbackup.html



Tags: solaris

13:31: This is my example on how to setup SSL certificates authentication in Apache2 and script for automated testing of correct configuration.



Tags: web

19:53:

Cutting the Air: OTA & OMA threats.

In this article we discuss the threats which affect mobile devices. There is no known direct exploitation, but in combination with social engineering tricks you can get partial control over mobile device settings. For this purpose we will utilize OTA, OMA DM and OMA DS technologies.
Google docs version available here:
  http://docs.google.com/Doc?id=dhdxn2g6_50ds4wqchp

In case you're interested in this topic, it is worth to read:
  http://vallejo.cc/proyectos/envio%20sms%20english.htm




Tags: gsm